An unreported epidemic: You should panic!

November 10, 17 | Dr James Carlopio

I do not understand why no one is panicking about cyber-crime.  I normally do not suggest panic as a functional response to life, but in this case I think we need to wake up and smell the fear.

According to a recent article , a November 1 snapshot of the US Department of Health and Human Services' HIPAA Breach Reporting Tool website of major breaches affecting 500 or more individuals - commonly called the "wall of shame" - shows 388 breaches impacting more than 4.6 million people have been added to the tally so far in 2017.  Australia’s version of this “wall of shame”, the mandatory data breach notification laws, will take effect by 23 February 2018.

Many people have heard of Equifax, one of the big-three US credit bureaus.  The Equifax data breach put over 140-million people at risk.  We should be panicking as on 10 March hackers attack; 29 July the hack was discovered (+4 months later); 1 & 2 Aug three executives sold stock ahead of the announcement of the breach; 3 Aug the breach was announced; 17 Sept the CIO and chief security officer stepped down (6.5 weeks later); 26 Sept CEO steps down (10 days); Equifax share price has fallen from a high of $147.02 on 31 July to a 14 Sept low of about $94.00 (approximately a 34% drop) and it is $109.00 as of 3 November (approx. a 26% drop).  This story of incompetence, neglect, greed and crime should scare us.

The Yahoo data breach, the biggest to date, put 3-billion people at risk and cost them a $350M reduction on their sale price to Verizon.  This should scare us.

Malaysian authorities are investigating a sweeping data breach that included more than 46 million mobile phone records, a job seeker website's database and records from several national medical organizations . This should scare us.

Global hotel chain Hilton has reached a $700,000 settlement agreement with two states over two separate data breaches discovered in 2015 that exposed more than 360,000 payment card numbers .  This should scare us.

Are you panicked yet?  Likely not, as these stories are not personal, relevant nor important to you … and this is the problem.  By the time this or something like it becomes personal, relevant and important to you, it will be too late because you will have been hacked or your identity will have been stolen or you will have been scammed out of real money!

Ransomware, social engineering scams and denial of service attacks happen to individuals as well as to corporate giants.  According to the ABC and BBC accessed online in October 2017:

•    The global cost of cyber-crime is currently estimated at $126 billion and is predicted to double in the next few years.  •    Over 57,000 infections in 99 countries have been detected. •    Ransomware alone accounted for $1 billion in 2016 and 80% of those who paid did not get their data back. •    Ransomware attacks happen every day in Australia, they just don't get reported. •    The total cost of cyber-crime in Australia is estimated to be at least $3 billion.

This is personal, relevant and important!

And yet, the Australian and New Zealand news media have reported only 1,245 articles related to data breaches, that is about 4 per day across 1,133 newspapers and 111 wire feeds (searched via the ProQuest database).  Given that the total cost of cyber-crime in Australia is conservatively estimated (due to massive under-reporting) to be at least $3 billion, and the global cost of cyber-crime is currently estimated at $126 billion and is predicted to double in the next few years, that fact that this epidemic has been unreported is itself a crime!

The Centers for Disease Control and the World Health Organisation similarly officially define an epidemic as the occurrence of more cases of disease than expected in a given area or among a specific group of people over a particular period of time, while reminding us that there is no absolute criterion for using the term epidemic as standards and expectations change.

By any definition, cyber-crime is now an Australian epidemic and a Global pandemic.  If the incidence of flu increases, people panic and get flu shots.  Why are so few of us even worried about cyber-crime?  Wake up before it is too late.